21 matches found
PT-2025-2428
Name of the Vulnerable Software and Affected Versions: IBM Control Center versions 6.2.1 through 6.3.1 Description: The issue is related to an observable discrepancy in responses to incoming requests, which could allow a remote attacker to enumerate usernames. This discrepancy may enable...
PT-2025-4853 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-Server versions prior to 0.17.7 Description: The Cosmos-Server software has a user enumeration issue due to the error code returned during login, allowing an attacker to determine if a user exists in the database by monitoring the erro...
PT-2024-16760 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment versions prior to the latest release Description: A critical issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack may be initiate...
PT-2024-7392
Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100 Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism,...
PT-2024-37516 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.16.4 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...
PT-2024-31058 · Cemipark · Cemipark
Name of the Vulnerable Software and Affected Versions: CemiPark software versions 4.5, 4.7, 5.03 Description: The access control in CemiPark software does not properly validate user-entered data, allowing for authentication bypass. An attacker with network access to the login panel can log in wit...
PT-2024-2528 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03 Description: The issue is related to an open redirect vulnerability on the login page of JetBrains TeamCity. This could allow a remote attacker to redirect a user to an arbitrary URL...
PT-2024-12880 · Unknown · Openclinic Ga
Name of the Vulnerable Software and Affected Versions: OpenClinic GA version 5.247.01 Description: A Reflected Cross-Site Scripting (XSS) issue has been discovered. The message parameter in the login.jsp is vulnerable. Recommendations: For OpenClinic GA version 5.247.01, avoid using the message...
PT-2024-19013 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the respon...
PT-2023-24784 · Kyocera · Kyocera Taskalfa 4053Ci
Name of the Vulnerable Software and Affected Versions: Kyocera TASKalfa 4053ci printers through 2VG S000.002.561 Description: The issue allows identification of valid user accounts via username enumeration. This occurs because the system returns a "nicht einloggen" error rather than a "falsch"...
PT-2023-29764 · Wipotec Gmbh · Comscale
Name of the Vulnerable Software and Affected Versions: WIPOTEC GmbH ComScale versions 4.3.29.21344 through 4.4.12.723 Description: An issue in WIPOTEC GmbH ComScale allows unauthenticated attackers to log in as any user without a password. Recommendations: For versions 4.3.29.21344 and 4.4.12.723,...
PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System
Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System CMS version 1.1.4f Description: The issue is related to a PHP type confusion vulnerability due to loose comparison in the isValidLogin function during a login attempt. This vulnerability can le...
PT-2023-6846 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to the lack of path filtering on the GLPI URL, which may allow an attacker to transmit a malicious URL of the login page to attempt a phishing attack on user credentials. This c...
PT-2023-5182 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: A vulnerability has been identified in QMS Automotive that allows an attacker to enumerate usernames and identify valid usernames due to the application returning inconsistent error message...
PT-2023-27133 · Sourcecodester · Sourcecodester Online Jewelry Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Jewelry Store version 1.0 Description: A critical issue has been found in the login.php file, where the manipulation of the username and password arguments leads to SQL injection. The attack can be initiated remotely...
PT-2023-25741 · Sourcecodester · Sourcecodester Insurance Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Life Insurance Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Life Insurance Management System. This issue affects the file login.php and is caused by the manipulation of the...
PT-2023-23754 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue was discovered, affecting unknown code. The manipulation of the username and password arguments with the input admin leads to the use of a hard-coded password. Recommendations: For OTCMS...
PT-2023-20684 · Unknown · Lorawan-Stack
Name of the Vulnerable Software and Affected Versions: lorawan-stack versions prior to 3.24.1 Description: The issue is related to an open redirect on the login page of the lorawan-stack server, allowing an attacker to supply a user-controlled redirect upon sign in. This may enable malicious acto...
PT-2023-16525 · Sourcecodester · Sourcecodester Best Online News Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical issue has been found in the Login Page component, where the manipulation of the username argument leads to SQL injection. This can be exploited remotely...
PT-2022-11456
Name of the Vulnerable Software and Affected Versions: Sourcecodester Banking System version 1 Description: The issue allows attackers to execute arbitrary SQL commands via the username or password field, potentially leading to unauthorized access or data manipulation. Recommendations: For...